IPsec-VPN via a Cisco PIX 515E?

In order to allow a tunnel IPsec-VPN to communicate through iptables you have to add a rule that allows the "ah" protocol. Does anyone happen to know the syntax for adding such a rule to a Cisco PIX 515E firewall?

Reply to
Dairenn Lombard

Refer to the command reference guide [1] for your specific PIX OS version and read about the access-list statement. Extended ACLs have the option to put the protocol in.

[1].
Reply to
Łukasz Bromir

I think you can try:

sysopt connection permit-ipsec

HTH

Chad

Reply to
Chad Mahoney

access-list [name of A-L] permit ah [source] [destination]

This is the same idea of having an access-list entry begin with "access-list xxx permit ip", "access-list xxx permit tcp", "access-list xxx permit udp", or even "access-list xxx permit esp".

If you want to get detailed, you could permit inbound from UDP port 500 to UDP port 500, depending on the protocol used. This varies based on VPN client and connection type. Cisco VPN client allows UDP or TCP and can connect on port 500, 10000, or whatever is specified.

Reply to
Scott Perry
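Putting the thread's answers together, here is a complete PIX 6.x style access list that lets an IPsec tunnel pass through the firewall to a VPN gateway on the inside. This is an added example, not from any of the posters; the access-list name and the addresses (192.0.2.10 for the outside peer, 203.0.113.5 for the public address of the inside gateway) are placeholders.

```text
! Added example (not from the thread). PIX 6.x ACL for an IPsec tunnel
! passing THROUGH the firewall to an inside VPN gateway.
! Placeholders: 192.0.2.10 = outside peer, 203.0.113.5 = inside gateway's
! public address, outside_in = ACL name.
!
! IKE/ISAKMP key exchange: UDP 500 to UDP 500
access-list outside_in permit udp host 192.0.2.10 eq isakmp host 203.0.113.5 eq isakmp
! IKE NAT traversal (UDP 4500, the standard NAT-T port), needed if either side is NATed
access-list outside_in permit udp host 192.0.2.10 host 203.0.113.5 eq 4500
! Cisco VPN client "IPsec over UDP" default port mentioned in the thread
access-list outside_in permit udp host 192.0.2.10 host 203.0.113.5 eq 10000
! The tunnel itself: ESP (IP protocol 50) and AH (IP protocol 51)
access-list outside_in permit esp host 192.0.2.10 host 203.0.113.5
access-list outside_in permit ah host 192.0.2.10 host 203.0.113.5
!
! Anything not matched above is dropped by the implicit deny at the end.
! Apply the list inbound on the outside interface:
access-group outside_in in interface outside
```

Two caveats a practitioner should keep in mind. First, ESP and AH carry no port numbers, so the inside gateway needs a one-to-one static translation on the PIX; port address translation cannot carry them. Second, this ACL is for pass-through traffic only: when the PIX itself terminates the tunnel, the `sysopt connection permit-ipsec` command from the earlier reply is the relevant knob, because it lets traffic arriving over the IPsec tunnel bypass the interface access list, and the ISAKMP/ESP traffic to the PIX is handled by the crypto configuration rather than by entries like these.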
